Last week, the IT department had an epiphany, they decided to replace Mcafee Anti-Virus with Norton on all employees computers. Since I work in a company technologically retarded, the announcement almost went unnoticed with minimal opposition from all the departments. Only a handful (actually one besides me) didn’t like the decision. We discussed it a bit, that Norton is a resource hog, and will probably slow up our systems. However we begrudgingly obliged.

While I knew that my system was screwed, since I didn’t defragment for some time, had loads of unnecessary applications, didn’t clean my registry for a few month…etc. You know how XP could become after a couple of month of usage. The Norton installation was like the last nail in my laptops coffin. The system has become so annoyingly slow, that on more than one occasion I almost punched the screen! Switching between applications could take up to 30 seconds, sending out an E-mail would take another 30 seconds, random freezes while typing a document, it really got frustrating. I decided to take matters into my own hands. Step one: be the technological renegade I always been, get rid of Norton!

So I fire up my Control Panel, and then click on the Add/Remove Programs icon, click on the damn Norton icon and Remove. Oh oh not so fast cowboy, I needed a password:

Hacking Norton Symentec

At this point, a lot of ideas crossed my mind, smart guessing, brute force, social engineering…etc. But I decided to appeal to Google, maybe there was a default password I could use. After a quick 30 second Google, I landed on a forum, someone had the same exact problem I had, one suggested to fire up the Task Manager and kill a process run by the user (not System) called Msiexec.exe. My first thought, was NO WAY, it can’t be that easy! But decided to try it.

Hacking Norton Symentec

Lo and Behold! The uninstallation rolled and I had a Norton free system within a minute!

Now my question is: is this the kind of security millions of computer users and thousands of corporation depending on? How can such a hack go unnoticed for multiple versions (yes it has been around even for earlier versions) by such a “leading” computer security company? Didn’t any one report it? File a bug? Security through obscurity my ass!